Running a Machine

Clicking Run Machine will open the Start a Machine window which can assist in running your first machine.

The first step to start a machine is to select the machine you would like to run from the list of machines that are available in your Maltego client.

By default, Show on startup and Show on empty graph click will be checked. This means that in these two conditions the Start a Machine window will open automatically. These can be switched off by unchecking these options.

Clicking next will take you to the next page where you can input the start parameter.

Machines require a start parameter, from which subsequent transforms can be run. For example, the Footprint L2 machine requires a target domain as the input entity.

Clicking Finish will start the machine on the target that was specified. The Machines window will open which provides details on the status of the machine that is running, it is described in the next section.

Machine Window

The image below provides labels for each feature in the Machines window:

User Filters

Some of the machines that come with Maltego include User Filter that allows you to choose which entities you want to continue in the machine’s pipeline. This is important as the it allows you to specify what is relevant and what is not and prevents the machine from gathering information on entities that are irrelevant to the current investigation.

In the case of the Footprint L2 machine, a user filter will pop up to ask you if you want the machine to look for additional domains that use the same MX and NS records as the target domain:

Here it seems that paterva.com uses Google for their MX records and Linode for their NS records. If you were investigating paterva.com you would not want the machine to look for domains that use these records as it would return thousands of unrelated results for companies and organizations that use Google for their mail servers and Linode for their name serves. So, in this case, you should deselect these entities in you filter window, click the Next> button and the machine will continue running.

Filter Window in Detail

In the case of Footprint L2, after clicking Next> the machine will pause again to display the User Filter window for paterva.com’s MX records as shown in the image below:

After making selections for each of the user filters, the machine will continue to run all its transforms excluding the entities deselected in the user filter. When the machine is complete there will be a chime sound made by the Maltego client to indicate that the machine is complete.

In Maltego there is also such thing as a perpetual machine. A perpetual machine can be configured to run every x seconds and useful for monitoring data that changes regularly. When a perpetual machine finishes running, a countdown timer will appear in the Machines window that will count down until it is time for the machine to run again.